CVE-2025-59741
AndSoft e-TMS v25.03 suffers an OS command injection that can be triggered by sending a POST request to /CLT/LOGINERRORFRM.ASP with the m parameter. Multiple connected sources (CNVD-2025-23538, NVD/CVE-2025-59741, CNNVD-202510-331, PT-2025-40361) confirm the vulnerability exists and that an attac...
CVE-2025-59740
AndSoft e-TMS v25.03 has an OS command injection vulnerability arising from misuse of the m parameter in /clt/LOGINFRM_CAT.ASP. A crafted POST request can lead to execution of operating system commands on the server. Reported across multiple feeds (CNVD/CNNVD/CVELIST-derived notes; PT-SEC) with n...
CVE-2025-59735
CVE-2025-59735 concerns an operating system command injection in AndSoft’s e-TMS v25.03. The vulnerability arises from the misuse of the POST parameter m in the endpoint /clt/LOGINFRM.ASP, allowing an attacker to execute OS commands on the server. Reported in multiple feeds, the issue is describ...
UBUNTU-CVE-2025-54289
Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands
...
PT-2025-40332
Name of the Vulnerable Software and Affected Versions: Canonical LXD versions prior to 6.5; Canonical LXD version 5.21 through 5.21.4. Description: A privilege escalation issue exists in the operations API of Canonical LXD. An attacker with read permissions can hijack terminal or console sessions and...
PT-2025-40651
CVE-2025-61850 - Apache Struts Command Execution. CVE ID: CVE-2025-61850. Published: Oct. 2, 2025, 3:15 a.m. Description: Rejected reason: Not used. Severity: 0.0 | NA.
Smartbedded Meteobridge Command Injection Vulnerability
Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices...
AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.
...
CVE-2025-10847
DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...
CVE-2025-10847
CVE-2025-10847 concerns Broadcom’s DX Unified Infrastructure Management (Nimsoft/UIM) robot/controller ACL handling. Connected sources indicate an improper ACL handling flaw that allows a remote attacker to execute commands and read from or write to the target system via the robot component. The ...
CVE-2025-10847 DX UIM Probe Improper ACL Handling RCE
DX Unified Infrastructure Management Nimsoft/UIM and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...
PT-2025-40103
Name of the Vulnerable Software and Affected Versions: DX Unified Infrastructure Management Nimsoft/UIM versions prior to 8.63. Description: The software contains an improper Access Control List (ACL) handling issue within the robot controller component. A remote attacker may be able to execute...
Broadcom Unified Infrastructure Management Security Vulnerability
Broadcom Unified Infrastructure Management is an IT infrastructure monitoring and management platform from Broadcom, Inc. A security vulnerability exists in Broadcom Unified Infrastructure Management that stems from improper handling of access control lists for robotic components, which could...
Arbitrary Code Injection
Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...
Vulnerability fixed in IBM InfoSphere
IBM has fixed a vulnerability in InfoSphere Versions 11.7.0.0 to 11.7.1.6. The vulnerability is in how input is validated in affected versions of InfoSphere. Authenticated users can exploit this vulnerability to execute arbitrary commands with elevated privileges. This could lead to unauthorized...
CVE-2025-36245 IBM InfoSphere Information Server command execution
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...
CVE-2025-36245
IBM InfoSphere Information Server versions 11.7.0.0 to 11.7.1.6 are affected by a command injection vulnerability where an authenticated user can execute arbitrary commands with elevated privileges due to improper input validation. The issue is documented as CVE-2025-36245. Remediation per IBM is...
CVE-2025-11138
A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23367)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...